[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libreplanet-discuss] Hello, and setting up a server

From: Bryan Baldwin
Subject: Re: [libreplanet-discuss] Hello, and setting up a server
Date: Sun, 26 Apr 2015 21:40:22 +1200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0

On 04/26/15 02:36, Jim Garrett wrote:
Am I correct in thinking that running a server for this purpose requires a static IP address?
No. You can enlist the aid of a dynamic dns service. I use DNSexit. The catch of this solution is that you must run a script on your server that periodically checks its IP address and updates the dns server when it changes.
Sound simple but the biggest gotcha is when the update script stop working. For myself, I use a bash script wrapper around the perl updater to detect when it has lost the plot, then restart it.
Lots of inexperienced people running servers sounds like a large-scale security disaster waiting to happen.  Is there any way this could be managed?
I just started a high security project at work this year. How far you need to go depends on the sensitivity of the data and services you want to protect. Here is some low hanging fruit:
  • Do not use SSH, or enable SSH on a non-standard port.
  • Use SSHGuard to detect and stop brute forcing attempts (works for more than just SSH btw).
  • Use IPTables, or similar firewall, to block ports other than those being used.
  • Install Snort to detect network intrusion attempts.
  • Install AIDE to detect intrusion (and rootkits) at the filesystem level.


Attachment: 0xE1A91299.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]